trojan to eradicate

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by S4R4K » 09/01/08 14:35

For a week now, two alert windows have appeared at Windows startup warning me about a missing .exe file and a missing .dll file in system32.
Then the Avast antivirus frequently reports the presence of trojans (the names repeat), which I delete and which systematically reappear.
Please help me.

Here is my HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 14.34.30, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\DATI\Utility\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rocorosso.splinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpo.exe
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 http://www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yaywwur.dll
O2 - BHO: {bf2ac5ec-53fb-a7a9-ff04-4b2cbf4e8c2f} - {f2c8e4fb-c2b4-40ff-9a7a-bf35ce5ca2fb} - C:\WINDOWS\system32\muheghxd.dll (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [98e3264a] rundll32.exe "C:\WINDOWS\system32\vwdfesev.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti link selezionati in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione a PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yaywusp - yaywusp.dll (file missing)
O20 - Winlogon Notify: yaywwur - C:\WINDOWS\SYSTEM32\yaywwur.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S4R4K
Junior Member
Posts: 93
Joined: 16/01/07 03:07

Re: trojan to eradicate

Post by Luke57 » 09/01/08 16:01

Hi, download the file combofix.exe from here http://www.techsupportforum.com/sect...s/ComboFix.exe
or from here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
SAVE IT TO THE DESKTOP
Double-click combofix.exe and follow the on-screen instructions (do nothing else during the scan)
When it has finished, it will create a log file in C:
Post the log C:\combofix.txt here.
Bear in mind that during the scan some files will be created on the desktop and will then disappear automatically.
During the scan all the desktop icons will disappear
During the scan the firewall may warn you that some drivers are being removed (if so, allow it)
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: trojan to eradicate

Post by S4R4K » 09/01/08 17:00

Thanks a lot.
The scan took quite a while; here is the report:


ComboFix 08-01-09.2 - Sarak 2008-01-09 16.28.46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.962 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Sarak\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sarak\Impostazioni locali\Temporary Internet Files\sc
C:\Documents and Settings\Sarak\Impostazioni locali\Temporary Internet Files\sc\console.html
C:\Documents and Settings\Sarak\Impostazioni locali\Temporary Internet Files\sc\script0.html
C:\Documents and Settings\Sarak\Impostazioni locali\Temporary Internet Files\sc\script1.html
C:\Programmi\Alwil Software\Avast4\ashDisp .exe
C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper .exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\SurfAccuracy
C:\Programmi\SurfAccuracy\License.lnk
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\apddxfol.ini
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddccaxu.dll
C:\WINDOWS\system32\lybvqxae.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\RCX29.tmp
C:\WINDOWS\system32\RCX2A.tmp
C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\RCX2C.tmp
C:\WINDOWS\system32\RCX2D.tmp
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\vesefdwv.ini
C:\WINDOWS\system32\yaywwur.dll
C:\WINDOWS\system32\ycggrxgq.ini
C:\WINDOWS\UpdReg.EXE

C:\Programmi\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Programmi\Creative\SBAudigy\Program\ADGJDet .exe ---> ADGJDet.exe
C:\Programmi\Creative\Splash Screen\CTEaxSpl .EXE ---> CTEaxSpl.EXE
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper .exe ---> QooBox
C:\Programmi\Logitech\QuickCam10\QuickCam10 .exe ---> QuickCam10.exe
C:\WINDOWS\UpdReg .EXE ---> UpdReg.EXE
C:\WINDOWS\system32\ctfmon .exe ---> QooBox

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Creati Da 2007-12-09 al 2008-01-09 )))))))))))))))))))))))))))))))))))
.

2008-01-09 16:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 15:26 . 2008-01-07 20:15 <DIR> d-------- C:\VundoFix Backups
2007-12-27 13:44 . 2007-12-27 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2007-12-27 13:21 . 2008-01-09 14:11 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2007-12-27 04:27 . 2008-01-09 16:51 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
2007-12-27 04:26 . 2008-01-09 16:51 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-12-27 04:25 . 2008-01-09 16:51 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-12-27 04:22 . 2008-01-09 16:51 31,064 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
2007-12-27 04:22 . 2008-01-09 16:51 28,248 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
2007-12-27 04:22 . 2008-01-09 16:51 28,248 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
2007-12-27 04:21 . 2008-01-09 16:51 31,064 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
2007-12-27 04:19 . 2008-01-09 16:48 3,162,278 --------- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-00531102}.BAK
2007-12-27 02:38 . 2008-01-09 16:48 3,162,278 --a------ C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-00531102}.CDF
2007-12-27 02:35 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2007-12-26 16:08 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-23 03:26 . 2007-12-23 03:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2007-12-23 03:25 . 2007-12-23 03:25 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-23 03:23 . 2008-01-04 22:23 <DIR> d-------- C:\Programmi\GameShadow
2007-12-19 11:45 . 2007-12-19 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2007-12-18 22:03 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-18 22:03 . 2008-01-09 16:52 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-18 22:03 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-18 21:54 . 2007-12-18 21:54 <DIR> d-------- C:\Programmi\SystemRequirementsLab
2007-12-18 21:23 . 2007-12-18 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\POPWWPROFILES
2007-12-15 21:05 . 2007-12-15 21:22 <DIR> d-------- C:\Programmi\C6 Messenger
2007-12-15 21:05 . 2007-12-15 21:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-15 13:02 . 2007-12-15 13:02 <DIR> d-------- C:\Programmi\ZoneAlarmSB
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 15:53 3,612,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-09 15:51 47,540 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-09 15:48 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\uTorrent
2008-01-09 15:24 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-09 14:09 --------- d-----w C:\Programmi\Bit Che
2008-01-05 11:45 --------- d-----w C:\Programmi\Radnberg
2008-01-04 21:24 --------- d-----w C:\Programmi\SpeedBit Video Accelerator
2008-01-01 15:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-28 12:03 --------- d-----w C:\Programmi\Alice Messenger
2007-12-27 01:38 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-27 01:38 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-27 01:37 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\Creative
2007-12-26 01:14 --------- d-----w C:\Programmi\Soulseek
2007-12-16 19:21 --------- d-----w C:\Programmi\DivX
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 20:35 --------- d-----w C:\Programmi\uTorrent
2007-11-27 21:47 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\Skype
2007-11-27 21:27 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\skypePM
2007-11-27 01:14 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-11-26 13:44 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\Ulead Systems
2007-11-26 13:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2007-11-26 13:42 --------- d-----w C:\Programmi\Ulead Systems
2007-11-26 12:21 --------- d-----w C:\Programmi\MSN Messenger
2007-11-26 03:35 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-26 03:33 --------- d-----w C:\Programmi\Skype
2007-11-26 03:33 --------- d-----w C:\Programmi\File comuni\Skype
2007-11-26 03:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-11-26 03:06 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\MSN6
2007-11-26 01:49 --------- d-----w C:\Programmi\Windows Live
2007-11-26 01:43 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-11-26 01:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-11-25 20:36 --------- d-----w C:\Programmi\File comuni\Logitech
2007-11-25 20:34 --------- d-----w C:\Programmi\Logitech
2007-11-25 20:34 --------- d-----w C:\Programmi\File comuni\LogiShrd
2007-11-25 20:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Logitech
2007-11-23 12:51 --------- d-----w C:\Programmi\Winamp
2007-11-19 13:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2007-11-19 10:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-11-18 19:11 --------- d-----w C:\Programmi\DAP
2007-11-17 20:51 --------- d-----w C:\Programmi\MSXML 4.0
2007-11-16 18:05 --------- d-----w C:\Programmi\FreePOPs
2007-11-16 14:59 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-11-16 13:14 155,995 ----a-w C:\WINDOWS\java\Packages\5VHJLZ7J.ZIP
2007-11-16 13:13 --------- d-----w C:\Programmi\Alice ti aiuta
2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-20 00:56 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-10-10 12:54 511,624 ----a-w C:\Documents and Settings\Sarak\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-07-03 10:38 9,152,901 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-17 11:43 2,990 ----a-w C:\Programmi\irunin.ini
2007-05-17 11:42 7,623 ----a-w C:\Programmi\irunin.lng
2007-05-17 11:42 22,012 ----a-w C:\Programmi\irunin.dat
2007-01-18 13:18 761 ----a-w C:\Programmi\sites.xml
2006-06-29 18:40 528,384 ----a-w C:\Programmi\FTPWanderer.exe
2006-04-24 10:59 1,130,496 ----a-w C:\Programmi\DVDDecrypter.exe
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2000-02-08 16:16 49,826 ----a-w C:\Programmi\GenesisConfig.dat
2000-01-28 12:40 476,160 ----a-w C:\Programmi\genV2PRO.8bf
1999-12-15 15:25 2,166,381 ----a-w C:\Programmi\genv2pro.chm
.
----a-w         3,256,320 2007-12-27 12:38:15  C:\Programmi\Alice Messenger\alicemessenger .exe
----a-w           122,880 2008-01-04 21:18:27  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask .exe
----a-w           163,840 2008-01-04 21:18:26  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray .exe
----a-w           180,269 2008-01-04 21:18:17  C:\Programmi\File comuni\Real\Update_OB\realsched .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2c8e4fb-c2b4-40ff-9a7a-bf35ce5ca2fb}]
C:\WINDOWS\system32\muheghxd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [ ]
"TaskTray"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [ ]
"TaskBar"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [ ]
"AliceMessenger"="C:\Programmi\Alice Messenger\alicemessenger.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-09 14:11 90112]
"Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2008-01-09 14:11 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2008-01-09 14:11 28672]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2008-01-09 14:11 756248]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"98e3264a"="C:\WINDOWS\system32\vwdfesev.dll" [ ]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [ ]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27 497176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 16:14:13]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturr]
C:\WINDOWS\system32\vturr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywusp]
yaywusp.dll

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-11-18 15:05]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-11-18 15:05]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 15:47]
S1 Remm_hi;Remm_hi;C:\WINDOWS\system32\drivers\ovcrdpdr.sys []
S3 Adsrvfm;Adsrvfm;C:\WINDOWS\system32\iexpress.exe [2004-08-19 14:39]
S3 scrambler;scrambler;C:\WINDOWS\system32\drivers\scrambler.sys [2005-02-14 11:17]

.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-29 20:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 16:53:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&????9~??9~????????\???\???????????U?9~??9~\???\?????????`??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-09 16:58:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 15:58:04
.
2007-11-27 01:14:13 --- E O F ---
S4R4K
Junior Member
Posts: 93
Joined: 16/01/07 03:07

Re: trojan to eradicate

Post by Luke57 » 09/01/08 17:54

Hi, open HijackThis, press "do a system scan only", find and tick the following entries:
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpo.exe
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yaywwur.dll
O2 - BHO: {bf2ac5ec-53fb-a7a9-ff04-4b2cbf4e8c2f} - {f2c8e4fb-c2b4-40ff-9a7a-bf35ce5ca2fb} - C:\WINDOWS\system32\muheghxd.dll (file missing)
O4 - HKLM\..\Run: [98e3264a] rundll32.exe "C:\WINDOWS\system32\vwdfesev.dll",b
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yaywusp - yaywusp.dll (file missing)
O20 - Winlogon Notify: yaywwur - C:\WINDOWS\SYSTEM32\yaywwur.dll

and press "Fix checked".
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
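As an added example (not code from the thread or from HijackThis), a small Python triage script that encodes the criteria behind the moderator's list: a target file that is missing, a BHO with no readable name, a rundll32 autostart under a random hex key, a win.ini load= entry, and Winlogon Notify DLLs outside a known-good set. It runs over the flagged lines plus two benign lines from the clean log; the allowlist of stock Windows XP notify packages is an assumption of the example.

```python
import re

# Constructed sample: the lines the moderator told the user to fix in HijackThis,
# plus two benign lines from the user's clean log for contrast.
SAMPLE_LOG = "\n".join([
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpo.exe",
    r"O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yaywwur.dll",
    r"O2 - BHO: {bf2ac5ec-53fb-a7a9-ff04-4b2cbf4e8c2f} - {f2c8e4fb-c2b4-40ff-9a7a-bf35ce5ca2fb} - C:\WINDOWS\system32\muheghxd.dll (file missing)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r'O4 - HKLM\..\Run: [98e3264a] rundll32.exe "C:\WINDOWS\system32\vwdfesev.dll",b',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O20 - Winlogon Notify: yaywusp - yaywusp.dll (file missing)",
    r"O20 - Winlogon Notify: yaywwur - C:\WINDOWS\SYSTEM32\yaywwur.dll",
])

# Winlogon Notify packages of a stock Windows XP install (assumed allowlist; add the
# third-party packages you know are installed so that unknown DLLs stand out).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def suspicious(line):
    """Return the reasons a HijackThis line looks like it needs fixing (empty list = clean)."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("target file missing: dangling autostart or BHO entry")
    if line.startswith("F3 - REG:win.ini: load="):
        reasons.append("legacy win.ini load= autostart is almost never legitimate")
    if m := O2_RE.match(line):
        if m["name"] == "(no name)" or CLSID_RE.match(m["name"]):
            reasons.append("BHO without a readable name")
    elif m := O4_RE.match(line):
        if "rundll32" in m["cmd"].lower() and re.fullmatch(r"[0-9a-f]{8}", m["key"].lower()):
            reasons.append("rundll32 autostart under a random hex key name")
    elif m := O20_RE.match(line):
        name = m["dll"].replace("(file missing)", "").strip().split("\\")[-1].lower()
        name = name[:-4] if name.endswith(".dll") else name
        if name not in KNOWN_NOTIFY:
            reasons.append(f"Winlogon Notify package '{name}' not in the allowlist")
    return reasons


def triage(log):
    """Map each flagged log line to its reasons; clean lines are left out."""
    return {ln: r for ln in log.splitlines() if (r := suspicious(ln))}


if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LOG).items():
        print(ln, "\n   ->", "; ".join(why))
```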

Re: trojan to eradicate

Post by S4R4K » 09/01/08 18:34

I didn't find some of the entries you listed.
I fixed the ones I found, and here is the new report:



Logfile of HijackThis v1.99.1
Scan saved at 18.32.44, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\uTorrent\utorrent.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
D:\DATI\Utility\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rocorosso.splinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti link selezionati in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione a PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S4R4K
Junior Member
 
Posts: 93
Joined: 16/01/07 03:07

Re: trojan to eradicate

Post by Luke57 » 09/01/08 18:41

Looks clean, bye.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: trojan to eradicate

Post by S4R4K » 09/01/08 18:53

Thanks a lot!!!
S4R4K
Junior Member
 
Posts: 93
Joined: 16/01/07 03:07
